[449332, r=nelson] SECU_ParseCommandLine checks input for duplicate options and fixed such duplicate in pk12util

2 files changed, 64 insertions, 7 deletions

diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 7a53723e8..765ca163f 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -3315,6 +3315,56 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
     return(SECSuccess);
 }
 
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1]  */
+static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
+{
+	char target = a[i].flag;
+	int j;
+
+	/* duplicate '\0' flags are okay, they are used with long forms */
+	for (j = i+1; j < count; j++) {
+		if (a[j].flag && a[j].flag == target) {
+			return PR_TRUE;
+		}
+	}
+	return PR_FALSE;
+}
+
+/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
+static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
+{
+	int j;	
+	char *target = a[i].longform;
+
+	if (!target)
+		return PR_FALSE;
+
+	for (j = i+1; j < count; j++) {
+		if (a[j].longform && strcmp(a[j].longform, target) == 0) {
+			return PR_TRUE;
+		}
+	}
+	return PR_FALSE;
+}
+
+/* Returns true iff a has no short or long form duplicates
+ */
+PRBool HasNoDuplicates(secuCommandFlag *a, int count)
+{
+    int i;
+
+	for (i = 0; i < count; i++) {
+		if (a[i].flag && HasShortDuplicate(i, a, count)) {
+			return PR_FALSE;
+		}
+		if (a[i].longform && HasLongDuplicate(i, a, count)) {
+			return PR_FALSE;
+		}
+	}
+	return PR_TRUE;
+}
+#endif
 
 SECStatus
 SECU_ParseCommandLine(int argc, char **argv, char *progName,
@@ -3328,6 +3378,9 @@ SECU_ParseCommandLine(int argc, char **argv, char *progName,
     int i, j;
     int lcmd = 0, lopt = 0;
 
+    PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
+    PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
+
     optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
     if (optstring == NULL)
         return SECFailure;
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index d1b6e8c42..dc08a6009 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -57,18 +57,22 @@ static void
 Usage(char *progName)
 {
 #define FPS PR_fprintf(PR_STDERR,
-    FPS "Usage:	 %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname] [-v]\n",
+    FPS "Usage:	 %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
 				 progName);
     FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
+    FPS "\t\t [-v]\n");
 
-    FPS "Usage:	 %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname] [-r]\n",
+    FPS "Usage:	 %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
 				 progName);
     FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
+    FPS "\t\t [-v]\n");
 
-    FPS "Usage:	 %s -o exportfile -n certname [-d certdir] [-P dbprefix] [-v]\n", 
-        progName);
-    FPS "\t\t [-c key_cipher] [-C cert_cipher] [-m | --key_len keyLen] [-n | --cert_key_len certKeyLen]\n");
-    FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filefilepw]\n");
+    FPS "Usage:	 %s -o exportfile -n certname [-d certdir] [-P dbprefix]\n",
+		progName);
+    FPS "\t\t [-c key_cipher] [-C cert_cipher]\n"
+        "\t\t [-m | --key_len keyLen] [--cert_key_len certKeyLen] [-v]\n");
+    FPS "\t\t [-k slotpwfile | -K slotpw]\n"
+		"\t\t [-w p12filepwfile | -W p12filefilepw]\n");
 
     exit(PK12UERR_USAGE);
 }
@@ -955,7 +959,7 @@ static secuCommandFlag pk12util_options[] =
     { /* opt_Cipher	       */ 'c', PR_TRUE,  0, PR_FALSE },
     { /* opt_CertCipher	       */ 'C', PR_TRUE,  0, PR_FALSE },
     { /* opt_KeyLength         */ 'm', PR_TRUE,  0, PR_FALSE, "key_len" },
-    { /* opt_CertKeyLength     */ 'n', PR_TRUE,  0, PR_FALSE, "cert_key_len" }
+    { /* opt_CertKeyLength     */ 0, PR_TRUE,  0, PR_FALSE, "cert_key_len" }
 };
 
 int